July 26, 2004
Black Hat - Day 2 - Class
The class I have chosen to attend at Black Hat is called "Designing Secure Web Applications Through Enlightenment and Understanding". Why not let hackers tell me what it is about web apps they find easy to hack!
When I walked into the room, I was immediately amused. A bunch of introverted geeks had (probably subconsciously) arranged themselves in the most efficient way to ensure that no one sits next to them until absolutely necessary. One person per row, scattered about so that no one was even sitting directly behind another person. Very odd.
Now the surprising part ... everyone, with the exception of the guy that ultimately sat down next to me, was running Windows. I expected Linux everywhere. (Yes, Paco, I'm writing this under Linux.) Of course, it's not hackers in the class, it's corporate developers (including 3 from Microsoft), so I guess I shouldn't have been surprised. The Microsoft guys, by the way, look like they knew they were headed into hostile territory. Their machines looked like they were clean installs, probably given to them just for this conference.
Some interesting people in my class: The Director of Security for TiVo, and a security analyst for a bank in Singapore. One of the Microsoft guys - self-reported "new guy" to the Passport team - talks a hell of a lot. He's getting his money's worth by making the instructor teach him directly. And, there's 4 women in here (total size of class = 15), but only one is remotely attractive (a Texan!) and she's getting a lot of attention. Gotta love geeks.
Speaking of which, I had to participate in a fairly rough conference call in the middle of the day, and did it from the window in the hallway. This window happens to overlook the only topless-bathing-allowed pool at Caesar's. That made the call easier to take, but CURSE YOU VEGAS! Stop giving me good luck with t-shirts and nudity, and give me bags of cash!
[Kyle // 04:55 PM // permalink]
Black Hat - Day 1 - The trip in
When you're headed for Vegas, you want the trip to start off lucky. Unfortunately, mine didn't. A maintenance problem on the plane caused us to leave over 1 hour late. Grr.
My first order of business, after check-in, was to walk from my hotel (NYNY) to Caesar's so I would know how early I have to leave in the morning. Well, let me tell you, I'll be cabbing it. The walk turns out to be over a mile, and when you figure in the detours you have to take to use the walkways over major roads, it's probably closer to 2 miles. And Holy Cow, is it a tough walk in 106 degrees. I had to stop along the way to buy water.
Next, I headed down to Luxor, to sign up for their nightly 8:30pm No Limit Hold 'em tournament. I got there at 6:35pm, only to discover that all seats were taken - they start taking names at 6, and they're full by 6:10, every day. Damn.
Oh... I should mention that there is a benefit to the 106 degree weather. I've seen a number of women that apparently went somewhere to get skirts made that are the exact length of their butt cracks. I'm talking no margin of error here. A millimeter up or down on these skirts, and something is showing that's not supposed to be. I love Vegas.
Back to NYNY. They recently changed their players club card over to a unified system for all MGM properties. At the booth where I turned in my old one for a new one, the woman looked at the screen and said "Today is your birthday? Large or XL?" Apparently, you get a free t-shirt if you're in the hotel on your birthday. My luck is finally looking up.
I spent a few hours alternating between Blackjack and Craps. I won't bore you with the details, other than to say that I won $100 early, then managed to hold onto it all night. So, I finished my first day $100 up. And, now I've just set a bad precedent by telling you how my gambling goes, so I'll be compelled to share with you all the losses. Hmmm. Maybe I won't post this.
Now, here's where I admit just how pathetic I am. I couldn't sleep right away, so I fired up my PC and played a little poker on Poker School Online. So, yes, I'm in Vegas, but I spent some time in my hotel room on the Internet playing Poker for fake money. I'm glad no one reads this blog.
Black Hat
I'm attending the Black Hat Security Conference this year. Essentially this is where a bunch of hacker types come together to teach Corporate America how they're hacking us these days. There are a few days of classes, followed by a few days of presentations. Also, for free, we get into DEFCON, which is where all the underground hackers get together to interact with each other.
So, as a corporate citizen, you can see I'm headed into enemy territory. Yeah, I'm going to use the wireless network they're providing. Sure.
Did I mention this conference is in Las Vegas? Yeah, baby. Learning by day, gambling at night. What could be better?
[Kyle // 11:48 AM // permalink]
July 10, 2004
The Art of War
I was reading about The Art of War, and how it pertains to business, and I was struck by a quote:
- "So the principles of warfare are: Do not depend on the enemy not coming, but depend on our readiness against him. Do not depend on the enemy not attacking, but depend on our position that cannot be attacked."
This quote can mean many things, but it means something in particular to me in my company.
If you're a General in an army, and your mid-level officers are telling you you're ready for battle, when in fact you are not, you have bad officers. (And, in Sun Tzu's time, those officers would be executed.) Likewise, if you're a CEO, and you're told by middle managers, who are attempting to manage up, that all is rosy when it is not, you have lousy managers. You won't be ready for battle until you get rid of them. I hope my company learns this.
[Kyle // 02:05 PM // permalink]